Encryption

To transfer data securely to a partner, this data is encrypted using the partner's public key (that is, the partner certificate).

Only the partner can decrypt this data with his private key, which only he possesses. If the partner wants to send us encrypted data, he has to encrypt it with our public key so that only we can read it with our private key (our local certificate).

The partner must be in possession of the public key of our local certificate. In turn, we must have his public key. He may have received our public key as an exported certificate from us, e.g. by email, or he may have received it online from us during the connection setup. So we need to import the partner certificate we receive from the partner, and the partners must install our exported local certificate on their side as partner certificate. See section Local Certificates.

In the case of a secure web server, the clients (which the server does not know before) receive the certificate and the public key during the connection setup during the SSL handshake.